Problem with Fingerprint Authentication device after malware cleaning


  • This topic is locked
8 replies to this topic

#1 Andalucia

Andalucia

  • Members
  • 23 posts

Posted 24 August 2015 - 08:20 PM

Hi,

I’m having a problem with my Fingerprint Authentication device. I’m running an HP dv6-7214nr, Win 8.1.

 

The fingerprinter stopped working, and the blinking light which appears when one swipes a finger no longer works. This happened after cleaning with some malware programs – details below, scans attached. Note that while no substantial threats were detected, there were some registry + other files that were deleted. This seems to be the source of the problem.

 

In addition (perhaps connected – I don’t know), in the Device Manager there's now a yellow triangle next to "Unknown USB Device (Device Request Descriptor Failed)". The device status says: "Windows has stopped this device because it has reported problems. (Code 43). A request for the USB device descriptor failed."

 

I don’t know if these 2 issues are one and the same, but I’d very much appreciate your assistance in resolving them. 

 

At the forum where I was advised to perform the scans which created this problem (but where they were unable to resolve it), I was similarly advised at the end to perform a “Farbar” scan which revealed the following, which I suspect is connected:

 

==================== Faulty Device Manager Devices =============

Name: Validity Sensors (WBF) (PID=0018)

Description: Validity Sensors (WBF) (PID=0018)

Class Guid: {53d29ef7-377c-4d14-864b-eb3a85769359}

Manufacturer: Validity Sensors, Inc.

Service: WUDFRd

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Qualcomm Atheros QCA9565 Bluetooth 4.0 Adapter

Description: Qualcomm Atheros QCA9565 Bluetooth 4.0 Adapter

Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Manufacturer: Qualcomm Atheros Communications

Service: BTHUSB

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==========================================================

 I tried to find the original driver from this HP Site; Under "Driver-Keyboard, Mouse and Input Devices" I tried to install "Validity Fingerprint Sensor Driver" - both with the HP assistant and without, but to no avail. (Reboot was not helpful either). Note: error in Device Manager remains the same. I also posted to the HP site but no one turned up to assist.

 

The programs I scanned with are Junkware Removal Tool and AdwCleaner. I’ve attached the logs so you can see what was deleted, in case there’s something relevant.

 

 

** Thanks very much in advance!!! **

 




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,082 posts

Posted 24 August 2015 - 09:54 PM

Hello Andalucia

I moved this to the Am I Infected forum.

You may have deleted an important file. What other tools were run? It may still be in their quarantine.

Also remove what ADWCleaner found.

Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Andalucia

Andalucia
  • Topic Starter

  • Members
  • 23 posts

Posted 24 August 2015 - 10:54 PM

Hi Boopme,

 

Thanks for your response!

 

Sorry if I posted in the wrong forum. Since I was led to understand that my concern over ransomware was just a false alarm (i.e. multiple scans revealed there was no significant infection - only some possible PUPs) - I posted the subsequent fingerprinter issue that was the result of the clearing of the scan detections...

 

The scans that were run are as follows:

 

A.   Bitdefender Total Security (my resident, set for the deepest scans possible - came out clean)

B.   Bitdefender Programs: AntiCryptoWall; BootkitRemoval; Removal_Trojan_Ransom_IcePol; (- came out clean)

C.   Malwarebytes

D.   RKill

E.   RogueKiller

F.   Junkware Removal Tool (already attached)

G.  AdwCleaner (already attached)

 

The only suspect findings were as follows: (I wanted to add the 3 additional logs as attachments, but don't see the option anymore... could you please instruct?)

    A.   Malwarebytes detected: <key><path>HKU\S-1-5-21-1745969249-26260195-2738223308-1002\SOFTWARE\1ClickDownload</path><vendor>PUP.Optional.1ClickDownload.A</vendor><action>success</action><hash>e0cecd3ddbb088ae4a371465d430837d</hash></key>[THIS ITEM WAS QUARANTINED AND THEN DELETED!]

    B.   RogueKiller detected: any number of IAT:Inl(Hook.IEAT) – all of them associated with chrome.exe. It was later explained that these were nothing to worry about.

    C.   Junkware Removal Tool detected and deleted: any number of things that might seem to a novice such as myself to be innocuous (attached).

 

    D.   AdwCleaner detected: several registry keys that were deleted.

 

I'd prefer to wait with another scan of AdwCleaner until you've had a chance to review the above (and the attachments I haven’t yet posted) to instruct me specifically if it’s still necessary.

 

Thanks very much!



#4 Andalucia

Andalucia
  • Topic Starter

  • Members
  • 23 posts

Posted 24 August 2015 - 11:07 PM

P.S. -

 

Just as background to the current predicament -

 

I was concerned about a possible infection by an “Interpol/FBI” Ransom scam virus, as I had come across a tab which opened itself up in my browser for a few seconds, while I was online.

 

To be clear – I did NOT encounter any popups or offline notices whatsoever (as I’ve since read are symptomatic), and was NOT locked out of my computer in any way – I was simply concerned, and preferred to be safe than sorry - hence my original inquiry reg. infection. I only encountered the scam letter once, for a few seconds, while surfing online with Firefox. I immediately disconnected the modem, shut the browser, and ultimately even uninstalled Firefox after running CCleaner.

 

After having gone through those scans to ensure I was not infected, I was given a green light, and after cleaning those of the scans which did detect some minor unrelated things – I proceeded to reboot. It was only then that the issues I described above came to light. Other than that – my computer seems to be performing perfectly.


Edited by Andalucia, 24 August 2015 - 11:09 PM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,082 posts

Posted 25 August 2015 - 02:41 PM

Ok, good.. you may have ransomware.. Roguekiller may have moved something.

I say best thing is a deep look without doing anything you are not told to do..

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

#6 Andalucia

Andalucia
  • Topic Starter

  • Members
  • 23 posts

Posted 25 August 2015 - 03:21 PM

Hi Boopme,

 

I’m eager to follow your instructions, but think I might not have been clear:

  1. I’ve already received assistance elsewhere in investigating the possibility of ransomware… I was told I was clean – after having posted the ‘Farbar’ scans and having them reviewed, along with the other scans I mentioned above.
  2. I’d be very glad to have your eyes on this too, just to be sure. Unfortunately I haven’t figured out how to add additional attachments (after having already attached 2 logs above). Could you please advise?
  3. The reason for the post here was not malware (I was told I was clean), but rather the changes I noticed after deleting what was found in the Malwarebytes, Junkware and AdwCleaner scans; since they were unable to resolve this on the other site. There is a chance some things were deleted that should not have been, but I couldn’t say...
  4. Since you suggest RogueKiller may have found something, let me paste the log here (rather than attach it). I don’t think it’s too long…

Thanks again, and awaiting your instruction and advice as to how I might attach other logs here for your review,

 

Regards

 

=============================

RogueKiller V10.10.1.0 (x64) [Aug 17 2015] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows 8.1 (6.3.9600) 64 bits version

Started in : Normal mode

User : [NAME][Administrator]

Mode : Scan -- Date : 08/19/2015 12:44:43

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 0 ¤¤¤

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 154 (Driver: Loaded) ¤¤¤


 

¤¤¤ Web browsers : 1 ¤¤¤

[PUM.HomePage][FIREFX:Config] anrq3nwj.default-1425684543997 : user_pref("browser.startup.homepage", "https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2"); -> Found

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: ST750LX003-1AC154 +++++

--- User ---

[MBR] 5563ee86216a1c21e78cfa8297c1cea8

[BSP] 6a3125a7f090a24988d63ba5cae1a61d : Unknown MBR Code

Partition table:

0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB

1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB

2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB

3 - Basic data partition | Offset (sectors): 1615872 | Size: 686234 MB

4 - [SYSTEM] Basic data partition | Offset (sectors): 1407023104 | Size: 28375 MB

User = LL1 ... OK

User = LL2 ... OK



#7 boopme

  • Global Moderator

Posted 25 August 2015 - 07:58 PM

OK, the RK logs are not permitted in this section.
These "Unknown MBR Code" entries are not usually a good thing.

Please post your RK log here and ask if things are OK.

http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

#8 Andalucia

  • Topic Starter

Posted 25 August 2015 - 09:28 PM

Thanks Boopme.

 

I've re-posted where you directed.

 

Should I delete the post here? ...or the last section where I pasted in the log?

 

Best,



#9 boopme

  • Global Moderator

Posted 27 August 2015 - 12:33 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 5 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.



